Solved: Re: What is the purpose of the `useother` macro

CSmoke · ‎01-31-2019

Looking at some of the built in dashboards in Enterprise Security, there is a macro named useother

| tstats count from datamodel=Web.Web where * by _time,Web.status span=10m | timechart minspan=10m useother=useother count by Web.status | drop_dm_object_name("Web")

It appears to set the value to true.

title = useother
args = none
definition = true

Can anyone explain why this is used instead of useother=true?

dkeck · ‎01-31-2019

HI,

they probably used this a lot in ES, so its easier if you want to change it to false, to have a marco. Thats probably it.

Just for better maintenance. Thats what a macro is for.

View solution in original post

dkeck · ‎01-31-2019

HI,

they probably used this a lot in ES, so its easier if you want to change it to false, to have a marco. Thats probably it.

Just for better maintenance. Thats what a macro is for.

CSmoke · ‎01-31-2019

Thanks, that makes sense.

What is the purpose of the `useother` macro

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

What is the purpose of the `useother` macro

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers